diff --git a/rules/windows/process_creation/proc_creation_win_susp_rundll32_script_run.yml b/rules/windows/process_creation/proc_creation_win_susp_rundll32_script_run.yml
index c293db94f..c438dbfc8 100644
--- a/rules/windows/process_creation/proc_creation_win_susp_rundll32_script_run.yml
+++ b/rules/windows/process_creation/proc_creation_win_susp_rundll32_script_run.yml
@@ -4,7 +4,7 @@ status: experimental
 description: Detects suspicious process related to rundll32 based on arguments
 references:
 - https://gist.github.com/ryhanson/227229866af52e2d963cf941af135a52
- - https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.011/T1218.011.md#atomic-test-3---rundll32-execute-vbscript-command-using-ordinal-number
+ - https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.011/T1218.011.md
 author: frack113, Zaw Min Htun (ZETA)
 date: 2021/12/04
 modified: 2023/02/03